Awesome! Glad to see such an awareness. With all the forensics and counter forensics, it boils down to a game of cat and mouse. This was a great thread. Being that computers are so layered, maybe articles could be wrote to educate those interested in reading and learning steps to protect themselves. The pros and cons of each. Maybe even stuff on each tool, because eventual even truecypt will be exploited if not cracked.

There are no absolute safeguards, just like locking and turning on your car alarm doesn't mean that your car won't be stolen. But which of us is going to leave are car unlocked, windows down and keys in it? (In the city, that is).

Once again, awesome thread!

Encryption only works against governments and entities that respect the rule of law and natural rights.

Any password or encryption can be cracked in 5 minutes or less, all it takes is you tied to a chair in a room with a sadistic bastard who is willing to cut each of your fingers & toes off one at a time till you give them the password. Don't think they won't resort to that either.

__________________

RIP JT Ready.
English till the day I die.Where there's Black there's Crime.
Separate when you can, Interact when you must.
Ignorance is Slavery.
Liberalism is Proctocephalicism (nice one phoenix) ;).Just another diversity malfunction.
Pro-White forever.

Any password or encryption can be cracked in 5 minutes or less, all it takes is you tied to a chair in a room with a sadistic bastard who is willing to cut each of your fingers & toes off one at a time till you give them the password. Don't think they won't resort to that either.

Yes I am quite sure that exactly this kind of scenario is the everyday norm in England.

Encryption only works against governments and entities that respect the rule of law and natural rights.

Rubber hoses, fire, and pliers are excellent decryption keys.

Quote:

Originally Posted by MinisterFredE

Any password or encryption can be cracked in 5 minutes or less, all it takes is you tied to a chair in a room with a sadistic bastard who is willing to cut each of your fingers & toes off one at a time till you give them the password. Don't think they won't resort to that either.

I am still waiting for the White Nationalist to be tortured in the US. It hasn't happened yet. Not to my knowledge, and the key word is yet. I will say in my youth I experienced incarceration. Yes, I have been thrown in tanks with all blacks after the Rodney King deal for my behavior as a "lesson". Yes, I have been whooped by the police. No I have not snitched, broke or paid protection. None of which constitutes torture (at least not in my mind). I guess it depends on your breaking point and what kind of abuse the government will put out for the information they think you have on your computer.

But this does also show just how valuable True Crypt's hidden file option is. With it, you can give a password that will open a file filled with, say, animal porn or MP3s, while keeping another file completely hidden and undetectable.

Forcing the giving up of keys is ultimately counter productive since it will just push people into using encryption schemes where different keys provide different data. So people will happily hand over key one keeping the courts happy but not key two. Then since there is no way to prove there is more then one key the court can't ask a defendant for additional keys if they may not even exist. It's completely short sighted and ignorant for a court to think it has any long term power in these situations!

There has been an interesting update in the Jeffery Feldman child porn case, which is the case that caused me to start this thread.

As you will recall, Feldman is a computer engineer living in Milwaukee, WI, whom the Feds suspect was downloading child porn from eMule (a P2P program). They busted into his house and found a whole bunch of external hard drives all encrypted. See West Allis encryption case delves into Fifth Amendment debate

The Feds tried to force him to give up his password. He refused and took The Fifth, and a court battle has developed.

What I gathered from reading the Federal court records is that they were able to examine his laptop and only two of the external hard drives. For some reason, the laptop (which was running Win7 Ultimate) was not encrypted. So 2 dirty movies were found in the temp folder.

The two encrypted hard drives were somehow decrypted, most likely because they were able to guess the password by doing a brute force on known passwords Feldman has used for other things like email and such that they got from his unencrypted laptop. THIS IS A HUGE VULNERABILITY AND YOU ALL NEED TO WATCH OUT FOR THIS. DO NOT USE SAME OR SIMILAR PASSWORDS FOR YOUR EMAIL AND ONLINE BANKING AS YOU WOULD FOR YOUR SECRET PORN STASH OR OTHER ITEMS YOU WANT TO PROTECT!!!

A password for your email, YouTube account, online banking only needs to be strong enough to keep your kids / spouse, or others out of your business. Six or eight characters is enough as, no matter how strong your password is, the cops will be able to get access to your stuff anyways directly from the merchant or entity.

The files that you want to keep totally secret are a completely different matter. For that the ONLY way the Govt. can get into them is if you let them. So here it is in your best interests to use lengthy and complex passwords. You can also combine your security by using an eToken, CAC, or something similar that would also combine with your strong password. But in any event, you want to use a completely and totally different password and combination of words or characters for your super secret stuff than you use for your normal email and banking. That way, the Govt cannot brute force your super secret password via the use of your previous passwords.

So anyways, after getting into Feldman's two encrypted hard drives the Feds found like 500,000+ suspected child porn images and videos. So this dude is toast. No matter how the 5th Amend. argument plays out, this guy is going to prison for decades.

My question to the AUSA (whom I know frequently trolls and lurks in this forum) is why is Karine still wanting to push the decryption issue when you already have more than enough to lock this guy up? By continuing to litigate this matter, do you not realize that you are quite likely to end up with an adverse ruling that will only serve to empower this kind of filth to keep on doing what they're doing with their dirty pictures and such?

Why not just leave well enough alone, drop the matter, and just prosecute him for the 500,000 child porn pics that you already got. Let's assume you are somehow able to get him to decrypt the remaining 9 TB of hard drives. Whether he has 5 million or 5 hundred thousand dirty pics, you can only lock him up once.

Even if a judge were to order him to decrypt, Feldman is not going to comply. The punishment for not revealing his password is far, far less than what he is already facing as a result of the discovery of the 500,000 dirty pics you guys already have on him.

Anyways, I hope the lessons learned from this case will be applied by my fellow White Race activists. What the Feds can do to child pornographers, they can also do to us good white people.

Lessons Learned:
1. Keep your sh1t encrypted 24/7/365 when you are not physically in front of your computer.

2. For your secret stash, use a password completely different than what you use anywhere else, such as email, YouTube, or online banking accounts.

By definition, there is no way to prove that any collection of digital stuff in a file or on a hard drive is encrypted without the key. All anyone has to do to thwart any demand to turn over an encryption key is to say that the drive must be defective as it was perfectly readable before being confiscated. Same with an encrypted file. When the government claims that a drive or file is encrypted, a blank stare would be in order. Data that is encrypted is, after all, mathematically indistinguishable from random data. I say again: Data that is encrypted is mathematically indistinguishable from random data.

As far as any backdoor in the encryption software, I doubt it. The software could be easily be decompiled and, if it were shown that the system had a hack inserted by the maker, there would be an easily winnable tort facing the maker of the drive due to breach of promise. The company sells the hardware with the promise that the data stored thereon will be protected. As I mentioned above, the most likely scenario in this case is that a thorough search of the person's IRL or online effects provided a scrap of paper with the passphrase.

Personally, I use a passphrase that is very long, contains nothing but complete nonsense, and, uses a variety of different letters, numbers and special characters that I memorized years ago and have never written down. Should I ever find it necessary to write it down, the passphrase would contain enough info for me to remember it but have a sufficiency of mistakes as to render it impossible to churn through the billions of other permutations before the sun flames out.

Everyone makes a lot of the computing power of the NSA or whatever other super agencies of the government. There is one reality though, taking 40 of the 256 characters typeable from the keyboard in an order dependant manner with duplications yields 2.13598703e+96 permutations. The number of atoms in the entire observable universe is estimated to be within the range of a mere 10e+78 to 10e+82. That scales the problem when it comes to cracking an encryption key.

Even with quantum computing, the task would require more time than is left in the life of the universe. Even with being able to compute all of the keys simultaneously, there is still the need to apply every single key (possibly - since the last key may be the correct one) to the set of data bits in question and then check the result to see if it is the one desired.

So, when the agency says it has been working for months to decrypt the hard drive, it means they have poured through everything the subject of the investigation has in his possession and extensive questioning of others to try and understand the subject's thinking to guess the passphrase.

Further, if the file is encrypted more than once, it means that it would be impossible to check intermediate results. Multiple-pass encryption means that the primary pass yields an encrypted file thus confounding any brute-force methods.

Also, there may be flaws in the software or the design that might leave a passphrase in memory. That means it is always prudent to use the feature of all competent encryption platforms wherein the passphrase can be flushed from memory.

So, I am not too worried about my encrypted files being decrypted. As far as forcing someone to provide a passphrase or be held in contempt, I doubt that such a ruling would stand a Supreme Court challenge because of the 5th amendment that provides the accused does not have to provide any information that might be used to prosecute him. Further, the accused never need speak in a criminal proceeding as it the burden of the government to prove its case in order to convict the presumed innocent defendant.

Some weirdos are commenting (on other sites) about how the Govt is doing this to hide their abilities and decryption.

Why would they need to "hide their capabilities"? Do you honestly think they would care if people knew they could decrypt *anything*? For every pedo that encrypts his sh1t, there's probably a dozen that don't. Why waste their time putting on a show for the one guy just to make the public think their hands are tied.

The much more likely reality is that the feds have limited resources to spend cracking encryption, just like they're limited in their ability to do, well, anything else. Let's not give the gov't more credit than is due.